Cryptographic systems are required for enforcement of Digital Rights Management (DRM). Such systems may be used to protect digital works, such as motion pictures, music, and/or software from unauthorized use. Discovery of a key to such a system allows software to be executed, motion pictures to be viewed and music to be listened to, etc., all without payment of legally required royalties.
A “white-box” device can be configured to use a key to encrypt or decrypt data. Such a device could be used to play music or a movie on a PC, for example. Similarly, a white-box might be part of (or associated with) a software application. Unlike a black box, for which only the inputs and outputs are known, much can be discovered about the operation of a white-box. In particular, a white-box is a device that is potentially in the possession of an adversary, and may be carefully observed and/or probed. If successful, the adversary may extract a key from the white-box, and utilize the key with other white-boxes installed on other computer systems, thereby evading royalty and fee payment on a large scale.
Typically, keys contained within a white-box comprise small, self-contained, amounts of data. Unfortunately, keys are not adequately protected by the AES (Advanced Encryption Standard), particularly in a white-box environment wherein observation of sub-keys used in rounds can reveal the identity of the key. This is not unexpected, since neither AES nor DES was designed with white-boxing in mind—i.e., these ciphers and most others were not intended to hide their keys. Therefore, while AES is an advancement over its predecessor, the Data Encryption Standard (DES), a need still exists for an encryption system that better protects software and content from unlawful attack.